Category: Security

Designing a secure system is a tough nut to crack. You need to have the ability to do your job as well as the capacity to prevent intrusion. Couple all that with what it is you are trying to secure, that is what’s the cost...

A while ago, when I was young, I liked to accrue access. This was back in the Insurance.com days. I was one of the old timers. My badge opened every door. I had most of the root passwords. I could do anything — because...

As I was writing yesterday about my initial experiences with Apple Pay. On the tail of that I learned on Thursday or Friday that there’s a bunch of NFC-compatible terminals that are being turned off by various merchants...

I wrote a few days ago about the disaster that is/was Heartbleed. Today is about LastPass — and more broadly password managers in general. The first question is why would you need a password manager. The real reason is...

A quick one today… Amazon is serious about security. We really are. To the point where we have a three-day security conference just for us. Security is what Amazon is built on. Between the retail storefront and our AWS...

I was looking at XKCD’s Wednesday’s comic and I had a good laugh. I was working on a project at Amazon around 8 months ago and I had made a funny (to me) bit of a slide for a report. The XKCD: Mine (with tons...

I ran into an interesting (though quite obvious) vulnerability in a site that I was looking at today. The idea is that you buy access to a file and then you go ahead and download it. No problem — in fact it’s a...

A friend of mine just had his house finished and the keys got handed over. Exciting! Awesome! It’s post to Facebook exciting!! Up until you realize that the key is the physical artifact that gives you access to the inside...